You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@flume.apache.org by "Ferenc Szabo (JIRA)" <ji...@apache.org> on 2018/11/23 14:53:00 UTC
[jira] [Updated] (FLUME-1549) Website should document encryption
[ https://issues.apache.org/jira/browse/FLUME-1549?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ferenc Szabo updated FLUME-1549:
--------------------------------
Fix Version/s: notrack
> Website should document encryption
> ----------------------------------
>
> Key: FLUME-1549
> URL: https://issues.apache.org/jira/browse/FLUME-1549
> Project: Flume
> Issue Type: Improvement
> Components: Docs
> Reporter: Brock Noland
> Assignee: Brock Noland
> Priority: Major
> Fix For: notrack
>
>
> This is from the RB
> {noformat}
> Below is some sample configuration:
> Generating a key with a password seperate from the key store password:
> keytool -genseckey -alias key-0 -keypass keyPassword -keyalg AES \
> -keysize 128 -validity 9000 -keystore test.keystore \
> -storetype jceks -storepass keyStorePassword
> Generating a key with the password the same as the key store password:
> keytool -genseckey -alias key-1 -keyalg AES -keysize 128 -validity 9000 \
> -keystore src/test/resources/test.keystore -storetype jceks \
> -storepass keyStorePassword
>
> agent.channels.ch-0.encryption.keyAlias = key-0
> agent.channels.ch-0.encryption.cipherProvider = AESCTRNOPADDING
> agent.channels.ch-0.encryption.keyProvider = key-provider-0
> agent.channels.ch-0.encryption.keyProvider.key-provider-0.type = JCEKSFILE
> agent.channels.ch-0.encryption.keyProvider.key-provider-0.keyStoreFile = /path/to/my.keystore
> agent.channels.ch-0.encryption.keyProvider.key-provider-0.keyStorePasswordFile = /path/to/my.keystore.password
> agent.channels.ch-0.encryption.keyProvider.key-provider-0.keys = key-0
> Let's say you have aged key-0 out and new files should be encrypted with key-1:
> agent.channels.ch-0.encryption.keyAlias = key-1
> agent.channels.ch-0.encryption.cipherProvider = AESCTRNOPADDING
> agent.channels.ch-0.encryption.keyProvider = key-provider-0
> agent.channels.ch-0.encryption.keyProvider.key-provider-0.type = JCEKSFILE
> agent.channels.ch-0.encryption.keyProvider.key-provider-0.keyStoreFile = /path/to/my.keystore
> agent.channels.ch-0.encryption.keyProvider.key-provider-0.keyStorePasswordFile = /path/to/my.keystore.password
> agent.channels.ch-0.encryption.keyProvider.key-provider-0.keys = key-0 key-1
> The same scenerio as above, however key-0 has it's own password:
> agent.channels.ch-0.encryption.keyAlias = key-1
> agent.channels.ch-0.encryption.cipherProvider = AESCTRNOPADDING
> agent.channels.ch-0.encryption.keyProvider = key-provider-0
> agent.channels.ch-0.encryption.keyProvider.key-provider-0.type = JCEKSFILE
> agent.channels.ch-0.encryption.keyProvider.key-provider-0.keyStoreFile = /path/to/my.keystore
> agent.channels.ch-0.encryption.keyProvider.key-provider-0.keyStorePasswordFile = /path/to/my.keystore.password
> agent.channels.ch-0.encryption.keyProvider.key-provider-0.keys = key-0 key-1
> agent.channels.ch-0.encryption.keyProvider.key-provider-0.keys.key-0.passwordFile = /path/to/key-0.password
> {noformat}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@flume.apache.org
For additional commands, e-mail: issues-help@flume.apache.org